ISACA identifies P2P hacking as problem for companies

By Alan Harten

The ISACA, an association of more than 86,000 IT governance professionals, says that a United States court case in which a 19-year-old hacker has pleaded guilty to modifying a file-sharing application, is highly significant in that it clearly shows the dangers of using this type of software.

This case, which involved P2P operator Limewire, resulted in Jason Milmont facing up to five years in prison and a possible fine of up to $250,000 for making modifications to Limewire.

Up to 15,000 people made use of the modified version of Limewire created by Milmont.

By doing so they infected their own machines with botnets, which could then do almost anything on the host PC, ranging from stealing their financial information to forming part of a network to attack major Web portals.

While modifying peer-to-peer software in this way is reasonably common, this is the first prosecution in such a case and, as such, it highlights the fact that using P2P services and software is a dangerous problem.

With more people than ever logging in to file-sharing sites from their work computer it is becoming an increasingly common way in which companies become exposed to serious risk.

The ISACA commissioned a survey of American white-collar workers and discovered that a shocking 35% of employees ignore company rules on information technology (IT) policies and that 15% have used peer-to-peer file-sharing at least once at work.

Peer-to-peer file-sharing at work is particularly dangerous because it allows in an unknown download that may threaten all kinds of problems for company computers, including placing company information at risk.

A part of the problem is that employees often see no threat or reason why companies will not allow them to download a piece of music from a site that they possibly already use at home.

Basically they have no understanding of the potential threat and therefore see no reason to follow company rules.

They do not comprehend that at home they put their own computer at risk, but at work they put the company’s security at risk, as well as the highly sensitive information they have stored, especially in regard to customers personal and financial details.

On average, at a company of 1,000 white-collar employees, up to 70 employees are likely to be using peer-to-peer file sharing while at work often or very often, based on the survey findings.

Companies and employees should be very concerned about their personal and corporate data in light of this information.